Applied Cryptography & Cybersecurity Software Engineer - Post Quantum Focus (M.S. or Ph.D.)

Exponent is the only premium engineering and scientific consulting firm with the depth and breadth of expertise to solve our clients' most profoundly unique, unprecedented, and urgent challenges.

Our vision is to engage multidisciplinary teams of science, engineering, and regulatory experts to empower clients with solutions that create a safer, healthier, more sustainable world. For over five decades, we've connected the lessons of past failures with tomorrow's solutions to advise clients as they innovate technologically complex products and processes, ensure the safety and health of their users, and address the challenges of sustainability.

Join our team of experts with degrees from top programs at over 500 universities and extensive experience spanning a variety of industries. At Exponent, you'll contribute to the diverse pool of ideas, talents, backgrounds, and experiences that drives our collaborative teamwork and breakthrough insights. Plus, we help you grow your career through mentoring, sponsorship, and a culture of learning. Thanks for your interest in joining our team!

Key statistics:

950+ Consultants
• 640+ Ph.D.s
• 90+ Disciplines
• 30+ Offices globally

We are seeking an Applied Cryptography & Cybersecurity Software Engineer - PostQuantum Focus to join our Data Sciences Practice in Irvine, CA, Los Angeles, CA, or Menlo Park, CA.

This role is ideal for someone who thrives at the intersection of cryptography research, cybersecurity architecture, and handson software engineering, and who is passionate about securing realworld, missioncritical systems. You will contribute to impactful projects across sectors including defense, utilities, and other critical infrastructure domains, helping to design and implement secure, resilient systems that can withstand today's and tomorrow's adversaries.

You will work on cryptographic modernization and postquantum transition efforts, architect secure systems and protocols, and help build robust software and data infrastructure that "bakes in" security from the ground up. You'll collaborate with multidisciplinary teams of engineers, data scientists, and domain experts to solve complex, applied security problems in production environments.

• Designing and architecting secure software systems and services, with strong emphasis on cryptography, key management, and secure protocol design
• Leading postquantum cryptography assessments and migration planning, including algorithm selection, hybrid approaches, and performance/latency tradeoff analysis
• Evaluating, integrating, and hardening cryptographic libraries, modules, and products, including FIPSvalidated components where applicable
• Developing and reviewing secure communication protocols, authentication schemes, and dataatrest / dataintransit protection mechanisms
• Performing security architecture reviews for new and existing systems
• Wearing multiple hats across data engineering and software teams to incorporate cryptographic controls and security best practices into data pipelines, APIs, and microservices
• Supporting the development of policies, standards, and technical guidance related to cryptographic modernization (including PQC) and cybersecurity architecture
• Translating complex cryptographic and cybersecurity concepts into clear requirements, design documents, and presentations for both technical and nontechnical stakeholders, including senior government clients
• Ensuring security controls and cryptographic implementations align with federal and industry standards (e.g., NIST PQC, CNSS, DoD directives, FedRAMP) and clientspecific compliance requirements
• Contributing to internal R&D and prototyping efforts in areas such as PQC benchmarking, secure enclaves, zerotrust architectures, and secure DevSecOps pipelines

• Ph.D. in Computer Science, Electrical/Computer Engineering, Applied Mathematics, or a related scientific/engineering field with a focus in cryptography, cybersecurity, or information security
• OR M.S. plus 5+ years of postdegree industry or government experience in applied cryptography, cybersecurity architecture, or secure software engineering
• Deep expertise in modern cryptography, including:
• Publickey and symmetric cryptography, key exchange, digital signatures, hashing, and MACs
• Understanding of postquantum cryptography concepts and NIST PQC standards (e.g., Kyber, Dilithium, other latticebased or codebased schemes)
• Familiarity with cryptographic protocols (e.g., TLS, IPsec, SSH) and their failure modes
• Demonstrated experience designing and reviewing secure system and software architectures for missioncritical or sensitive environments
• Strong software engineering skills, including:
• Proficiency in at least one systems or backend language (e.g., Python, C/C++, Go, Rust, or Java)
• Experience building, testing, and maintaining productiongrade software using version control (Git or similar)
• Familiarity with secure coding practices, code review, and CI/CD or DevSecOps workflows
• Experience integrating cryptography into realworld systems, including:
• Using and evaluating cryptographic libraries (e.g., OpenSSL, BoringSSL, libsodium, Bouncy Castle, AWS KMS, Azure Key Vault, or equivalent)
• Implementing or integrating key management, HSMs, or hardwarebacked trust (e.g., TPM, secure enclaves)
• Working knowledge of cybersecurity concepts and frameworks, such as:
• Zerotrust architectures, identity and access management, network segmentation, logging and monitoring
• NIST SP 800series guidance, DoD or IC security policies, or similar regulatory frameworks
• Experience communicating complex technical material clearly and concisely to diverse audiences, including senior leadership and nontechnical stakeholders
• Strong writing skills to enable generation of concise, clear, and accurate standards and guidance documentation
• Ability to work independently and in multidisciplinary teams, managing priorities across concurrent projects

Highly desirable experience

• Handson work in postquantum cryptography transition or evaluation (e.g., performance benchmarking, hybrid key exchange, impact analysis on existing protocols)
• Experience with DoD, IC, or other U.S. Government clients, including familiarity with cryptographyrelated policies and guidance
• Experience architecting secure solutions on major cloud platforms (AWS, Azure, or GCP), including use of managed key management and cryptographic services
• Background in secure networking, endpoint protection, or security operations as it relates to cryptographic controls
• Experience with formal methods, protocol verification, or sidechannel and implementationlevel attack considerations
• Relevant certifications (e.g., CISSP, GSEC, CSSLP, GIAC, or similar)

Security requirements

Our contracts with the United States Government for this position require:

• Proof of U.S. citizenship
• The possession of, or ability to obtain, a U.S. DoD Security Clearance (Secret or higher)

Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.

Applicants are encouraged to submit a CV (Curriculum Vitae) with publications (feel free to include publications that are in review or pending) [not restricted to 1 page].

To learn more about life at Exponent and our impact, please visit the following links:
https://www.exponent.com/careers/life-exponent
https://www.exponent.com/company/our-impact

Attracting, inspiring, developing, and rewarding exceptional people with diverse backgrounds and expertise are central to our corporate culture. Our diverse team allows us to provide better value to our clients and enjoy an enriched work environment.

Our firm is committed to offering a variety of programs and resources to support health and well-being. We believe that providing competitive benefits as well as compensation and recognition programs empowers our staff to do work that makes a difference.

At Exponent, we have found that in-person interactions deepen employee engagement and are crucial for development, for realizing the full potential of our talented and diverse teams, and for building a more inclusive workplace where all have a sense of belonging. In our offices, you can expect a supportive culture and a collaborative, dynamic, multi-disciplinary work environment. Our consultants engage in-person in the office unless they are traveling for client work or other business activities.

We value the rich lives our colleagues enjoy outside of work and understand that work/life balance is critical to our employees and their well-being. Consultants have the autonomy to balance their work and personal schedules so you can meet with clients, visit inspection sites, attend conferences, and make time for priorities outside of work, too. It is this flexible, agile work style and working hours that allow our teams to drive innovation and results in their own ways, while meeting the needs of clients. #LI-Onsite

Our consultants are rewarded for their technical and business contributions and have an opportunity to plan for future success and career growth. Exponent's total compensation plan is consistent with its expectations of the quality and quantity of work performed and with the professional standards set by Exponent. At the Associate and Senior Associate level, total compensation includes base salary, bi-weekly bonuses for high-intensity efforts, annual bonus and 401(k) employer contribution of 7% of base salary.

The base salary range for this position is dependent on experience and capabilities which will be assessed during the interview process.